1. Field of the Invention
The present invention relates to ActiveX control, and more particularly, to an apparatus and method for managing the execution of ActiveX control in order to prevent the resources of a client system from illegally accessing by a malicious user although ActiveX control contains a security problem.
2. Description of the Related Art
Recently, various web based services have been introduced. In order to use such web based service, ActiveX control has been widely used.
The ActiveX control can be executable through a hyper text markup language (HTML) and a script language and access the resources of a client system, unlimitedly. Such an advantageous feature of the ActiveX control may cause the serious security problem in a client system if the ActiveX control contains malicious contents such as hacking codes.
Malicious users often use the weakness of the ActiveX control to illegally access a predetermined system. In this case, the malicious users use web-mails or home pages.
In case of the web-mails, a malicious user sends an E-mail to a predetermined person with contents that executes predetermined ActiveX control. When the predetermined person opens the E-mail, the malicious user can access the system illegally through the executed ActiveX control.
In case of the home page, a malicious user opens a home page with contents that execute predetermined ActiveX control. If any person visits the home page, the malicious user tries to access a related system illegally through the executed ActiveX control.
In order to overcome the shortcoming of the ActiveX control, the execution of ActiveX control has been restricted for interrupting the illegal access.
For example, Microsoft corp. introduced a SiteLock Template to limit domains that allow the execution of ActiveX control.
However, the SiteLock Template also has shortcoming. That is, a developer must code each ActiveX control with the SiteLock Template included. Due to such difficulty of using the SiteLock Template, only few developers use the SiteLock Template to limit the domains that allow the execution of ActiveX control.
Although the SiteLock Template is used, it is not easy to limit the domains if sites allowing the execution of ActiveX control are changeable.
For the reference, the Site Lock Template is described in detail in an article “Site Lock Template 1.04 for ActiveX control” in the Microsoft web-site.